
An anonymous reader writes "A document, apparently a 'confidential House ethics committee report,' was recently leaked through file-sharing software to the Washington Post. According to the article, 'The committee's review of investigations became available on file-sharing networks because of a junior staff member's use of the software while working from home.' Of course, P2P software is entirely at fault for this incident. If you begin seeing more interest in DRM from Congress, you now know why."
Reader GranTuring points out that the RIAA took the opportunity to make a ridiculous statement of their own. They said, "the disclosure was evidence of a need for controls on peer-to-peer software to block the improper or illegal exchange of music."

I wouldn't blame the pill bottle for that. Instead, I'd ask "where were the parents when this happened?"

The question is: Why/How could the kid get access to the pill bottle? Substitute pill bottle with knife/weapon/dangerous stuff/ and use the result when needed.
Is the safety bottle unbreakable? If not, I don't care how hard it is to open it. If the kid gets its hands on it, bad things can happen.
Mike

Well you do have to remember we are dealing with a march of the morons situation where you have to put "open can first stupid" to keep the retards from sticking the WHOLE CAN into boiling water and making a soup hand grenade.

But personally I think it is more likely a nice ruse cooked up to make the pill easier to swallow to those same morons when they make P2P illegal. Kinda like the same way they trot out child molesters every time they want to spy on you when you are on the Internet, even those study afte

So long as two computers can communicate with each other, so you will have P2P.

Luckily, we have politicians whose only education is in English, law, history, politics, art. So it's easy to push any techno-babble on them because they are dangerously uneducated fools.

They're dangerous because they are unaware of what they don't know, so they feel qualified (authorized) to make decisions about what they do not really understand.

When the Oracle at Delphi pronounced Socrates the wisest man in all of Greece, Socrates gave a response beyond reproach. He said, "If I am the wisest man, it is because I alone know that I know nothing."

Earlier this week, the professor used a lecture at King's College, London, to say that smoking cannabis created only a "relatively small risk" of psychotic illness and it was actually less harmful than nicotine or alcohol. But on Friday he was forced to quit after receiving a letter from Home Secretary Alan Johnson who said his comments had undermined the scientific independence of the council.

The professor told the BBC..... "Gordon Brown comes into office and soon after that he starts saying absurd things like cannabis is lethal... it has to be a Class B drug. He has made his mind up. We went back, we looked at the evidence, we said, 'No, no, there is no extra evidence of harm, it's still a Class C drug.' He said, 'Tough, it's going to be Class B.'" Prof Nutt said drug laws should not be influenced by "petty party politics" and compared them to interest rates, which are set by the Bank of England not the government.

Sounds like a perfectly good example to me. It's not about science and what the evidence shows (marijuana is not particularly dangerous), but about what one man named the prime minister BELIEVES and his power to force his belief on others (make marijuana a class B restricted substance). It's not different than a monarchy in that respect.

Personally this is why I don't think a central government should be making decisions about what citizens can or can not ingest. If I want to smoke marijuana or drink alcohol until I kill myself, and someone finds my rotting body in my home, so be it. That's freedom. It includes not just the right to life, but also the right to end your life, if that's what you choose to do.

Without that right, you're not liberated. You're a serf..... under somebody else's control.

The problem is more subtle than that. They will talk to someone that they perceive as being an expert. Lobbyists working for the relevant industries are probably the only people who they know who are close to being experts (or able to put them in touch with experts). Political think tanks are another source of expert opinions. The end result is that the politicians get a very skewed view of what experts actually believe. There is no good mechanism in place for politicians to get impartial expert opinions. This ought to be the job of the civil service, but they haven't done it well for a good few decades.

You bring up a very good point - Lobbyists are one of the primary sources of information, but it is their job to be biased. While Congress (for us US people) has many agencies to give them expert analyses of important legislation, this analysis comes after a bill is written, and the agencies don't generally make recommendations for how to make changes that are good for the country. Additionally, these agencies are frequently limited by their mandates in how broad their analysis can be, so they are often incomplete or one-sided.

They're dangerous because they are unaware of what they don't know, so they feel qualified (authorized) to make decisions about what they do not really understand.
In my experience, politicians are a lot more likely to seek out expert advice in an area outside their realm than techies are.

There's one big problem with that. If they are thinking about, say, a law concerning file-sharing, the expert advice is going to come from someone who works in the IT industry, likely from an ISP. The interests of the ISP can differ from the interests of its users. So once again it's about authority and not knowledge, in this case the authority being credentials gained by having an institution or a company behind you. It's one reason why the law is so often biased in favor of corporations and other larg

... by people who have no idea what "the press" was when the 1st Amendment was written. Much of it was not large and institutional. It was often as simple as a concerned citizen distributing pamphlets or starting his own local editorial. The individual bloggers are true to this spirit in a way that the media conglomerates could never hope to be.

More importantly, it was better understood that when you read such materials, you were reading the perspective of the author. It was not taken as the "final word" the way professional news is too-often regarded.

So long as two computers can communicate with each other, so you will have P2P.

Luckily, we have politicians whose only education is in English, law, history, politics, art. So it's easy to push any techno-babble on them because they are dangerously uneducated fools.

The committee released a statement on the issue, saying "[o]ur initial review suggests that this unlawful access to confidential information involved the use of peer-to-peer file sharing software on the personal computer of a junior staffer

The technical error is that they forgot the words "incorrectly configured" before P2P software. If you omit those 2 words, it tars any P2P software ever, with the brush of dangerous. Not to mention that the documents shouldn't have been on a private computer. Would they be concerned that the documents had been contaminated by filth if there had been donkey porn on there too? Should the main target in a libel case be MS Word 2003?

I mean ones where contracts are awarded without tenders, or advertising flyers go out with completely tasteless and possibly illegal slams against the opposing parties, or any other political BS that you can think of.

It's never the people at the top that are the problem. It's always some staff flunkie.

That means one of two things to me:

- the big shots lie about not being responsible.
- the big shots never actually _do_ anything at all, so what do we pay them for?

>>>we have politicians whose only education is in English, law, history, politics, art.

Therefore more of us engineers and programmers need to run for office. At the state level it's fairly easy - you just need to stand by a highway, hold a sign with your name in bold letters, wave and smile. Once we get enough geeks we can start making sane, logical laws regarding technology.

Alternatively we could bombard our government employees with emails explaining why P2P is not evil. And ultimately even if

Why should our government even have ethics documents that are confidential?

Guess they figure it's unfair to publicly announce someone's being investigated if there are no merits to the claim. Want to run for congress? Get someone to accuse your opponent of something bad, then publicize the resulting investigation.

I concur, if you've ever been accused, or know someone who is accused of a crime, should it be serious enough to report, the media will say allegedly or accused once (so that they can say they said accused and didn't taint a potential jury pool), and then go about reporting the accusations by the police as if it were 100% undisputed fact that the accused did, in fact, commit the crime. Whether the person accused is guilty or not (in the US at least), there is no hope for them once the press gets their hands on the story (just look at the whole story behind that Duke rape case here a while back). Sometimes I think we in the US should adopt the policy they have in England with regards to press coverage of crimes.

Then why does congress get this kind of protection when private citizens suspected of a crime do not?

This is not a crime per se, but a house ethics violation. It's an internal, private matter, as if your company was investigating you, not for a crime, but going against company policy. Congress policing itself, basically.

Then why does congress get this kind of protection when private citizens suspected of a crime do not?

It's an internal investigation. I recall one woman was accused of stealing a cell phone at her company. She refused to hand it over when someone saw her with it. The next morning, she had been fired and a notice was posted on every floor saying that she had been fired for theft of corporate property.

Later on, the woman sued for wrongful dismissal, won, and got some extra award for punitive damages. The cell phone she was using was indeed the exact same make and model the Corporation had purchased, but she had no trouble proving that she had indeed purchased the cell phone herself and been using it for quite a while.

So if your company starts accusing you of a crime, they're certainly free to tell everyone about it, not just their HR/legal personnel, but they better sure follow a process and be damn sure that you did commit such a crime -- otherwise -- that might get them in trouble otherwise.

Because there are things that need to remain secret, yet still remain ethical. For example, wiretaps. You don't want your local crimelord/mob boss being able to tell which of his lines are tapped by going down to the ministry and filling out a freedom of information form, do you?

I wish the mechanics of the leaks: how, software, etc... would be kept quiet. That way, they can keep happening - meaning, I want these leaks to occur because that's the only way to get honest information about our Government. It's not like the media is doing a good job. If it weren't for this leak, would we know anything about this? I don't think so. Those politicians* would keep doing business as usual.

Now that the politicians know how it's happening, they'll plug this leak. Our only hope is another one opens up.

* - I think "politician" is the most derogatory name you can call someone.

The amazing thing about these "Information Security Awareness Monthly" postings is that they blame P2P and then cite the example of a user using a P2P network to download an executable that contains a trojan. I guess that executables taken from regular webservers are fine, then.

As if anyone even remotely computer literate uses Windows for secure documents. Instead of security awareness, I propose we try to promote "Ignorance Awareness" (hey it's an oxymoron!) month, and hopefully shame the politicians into learning that net neutrality won't eat their babies.

I would expect Congressmen to be falling all over each other to bring this to a vote now. After all, they're no longer just doing it for the RIAA/MPAA "campaign contributions." Now, it's personal.

I don't think it's a big deal. It just means that a program must tell a user, "Your files you send via this program will be visible to other people." Most P2P programs, and even web browsers, already do this so nothing's going to change.

No longer can you say, "I didn't know it had installed itself and started downloading all the new movies in music, and then saved them to my 'Movies' folder." and have a reasonable doubt. Now you'll have to prove that the software in question didn't tell you that it was installing, and if it's true, the company will get nailed to the wall for it.

No, I'm not blaming P2P for anything, but rather I am saying this is the exact situation where DRM could be useful. A proper document management system would have prevented an information leak, even if the document itself had leaked.

Don't confuse DRM with security. DRM exists for stuff that is supposed to be generally available for everyone, but has locks and restrictions on its use, even after the transaction or exchange of money. Security is for confidential stuff that is not designed to be accessed by everyone, even if they can pay. Those who use DRM may still want the public to use their stuff, but only on their terms. This is a case where those who wrote the document did not intend for it to become public at all.

DRM stands for Digital Rights Management, which is exactly what we're talking about here. The term has been sullied by the RIAA/MPAA, but ignoring their attempts that's exactly what they should have done with this document; managed rights on the document.

On the contrary, a proper document management system would almost HAVE to be on the internet (dependent on the organization in question of course). The centralized server which controls access will need to be accessible somehow, and depending on the number of external entities involved I see no efficient method to grant them access other than to chat with the central server.

Most of the information leak and inadvertent downloading of malware arguments are appropriate for Gnutella-like networks. As you point out, it's very unlikely to accidentally leak information over BitTorrent. It's also quite unlikely to accidentally download malware when downloading music or movies over BitTorrent.

I disagree, it is entirely possible to get malware when downloading music or movies. Use caution when retrieving torrent files from sites you do not trust. This includes indexing engines. BitTorrent is very safe when used with torrents from trustworthy sites; ubuntu.com, openoffice.org, no problem.

Which begs the question, did the person holding the document intentionally create a .torrent file of it, and where exactly did he submit it to, seeing as how piratebay.org seems to be down more than up these days?

As you say, it'll be one of those scumware BearShare type things that not only installs all kinds of spyware on your machine, but opens up your entire C: drive to the world unless you stop it.

I think the government needs an internal IT policy that if you must work on confidential documents and hom

"the ridiculous statement was evidence of a need for controls on corporate media conglomerates to block the improper or illegal control of distribution channels to maintain a monopoly over content distribution."

Good point. The P2P excuse, "inadvertently" placing sensitive documents in a shared folder is indicative of either a moron for a staffer. Or more likely setting up plausible deniability. There is no provable intent, so there's no criminal liability.

The RIAA would love for networks and the Internet to vanish. Sharing information electronically obviously upsets them.

Not quite. They want money out of everything on the Internet. Problem is, they haven't figured out how to pull that off in a way to maximise their own profits. They just want to roll back technology to something they can control and charge out the ass for.

The computer and the internet are potent forces for destabilization, but they are also potent forces for control. We're fortunate to live in an age where we can watch people grapple over their initial implementation.

The problem was the leak, not the subsequent distribution. DRM, applied at the source (the Legislature's offices) would have stopped the leak. Or at least provided a trail to its source. But once information is out there in the wild, it's too late.

From the RIAA's point of view, stopping most of the distribution of copied content is good enough. But for leaks like this, one or two copies forwarded to the right people is sufficient to do damage. For example, the Pentagon papers didn't need widespread distribu

We don't need any more file sharing, or file sharing rules. We really need politician sharing! Let's start sharing politicians with the Moon, Mars, Jupiter, and especially with Uranus. Oh - wait - that last would be redundant, wouldn't it?

a 'confidential House ethics committee report,' was recently leaked through file-sharing software to the Washington Post.

Hi Government,

I like when the government tells me, even unintentionally, about things that it is doing to investigate allegations of wrongdoing. I would like you to do more investigations and to loop us (your employers) in on the details of the process and the outcomes. Some people will misinterpret such investigations in both directions. That is not cause to shield us from the information, it is cause to shed more daylight on the process so we, your employers, can understand what you are up to each day. This is much like my boss asking me to keep him in the loop on the projects I work on, and is commonly referred to as "accountability."

How many column inches did your corporation dedicate to Balloon Boy? If the answer is more than "1", then I submit that your corporation is part of the problem, not part of the solution. That is an example of what is wrong with for-profit journalism, and the very reason that many of us would be happy to see it die its rightful death.

You want to be a journalist? I applaud you, for we have very few of those left outside of YouTube and the blogosphere (though those media, of course, comprise

This has NOTHING to do with P2P. They might not even be able to show P2P software had anything to do with it. The issue is that ANYONE who is stupid enough to hook a machine dealing with confidential information to the net is a bleeding fool and this includes all my lawyers' secretaries who had their word processing machines on the net - the lawyer who sent me his complete client list, a certain accountant who dropped off at a pawn shop (for $25 bux) all her clients' income tax returns along with her DLT7000 (70 GB folks & the tape was in the $3500++ drive!). She used it to back up what ultimately would fit on a couple of CDs! She _could_ have simply copied each year's tax return to a floppy disk for the specific client! The list also includes a company that had their accounting staff re-input months of work because they picked up a virus in their key machines.

Computers are so cheap that it makes no sense whatsoever to take chances like this.

You should have read our latest memo better. Our company proposal targets exactly the source of the current information leaking problem. By using stealth technology, disguised as one of the culprit software, it infiltrates their networks and kills those pesky PEBCAK softwares that are giving so many headaches lately. Give our company full freedom to act and that problem will be terminated.

I don't think it's crazy to say that a piece of software that 90% of people think of as being for downloading, but that also shares your files automagically in a non-transparent way, is a bad idea. Any file-sharing should be opt-in, not automatically and quietly sharing an unspecified area of your drive.

Which P2P sharing program are you referring to? The ones I've seen or tried have always made it fairly clear what they're sharing on your drive. LimeWire for example, displays a big list on your screen of the files it's marking for sharing if you click the "Share" button under "My Library" and try to share all your media. It has filters, as well, to make it easy to only share files with certain extensions (like MP3 or AVI).

I don't get how someone could overlook the fact it shares their material, even IF

Why the heck isn't someone reaming out the employee/staffer who used his government computer system for personal use? A screw-up like this in the private sector would get him/her fired from many companies for violating company policy regarding the allowed use of the computer system. If that member of congress's office didn't have an acceptable use policy, I'll bet they have one by Monday. It may not be popular to write this on Slashdot but if your employer provides you with a PC for use in your work, it's not really a "personal" computer and you really shouldn't be placing anything on it more personal than, say, a favorite wallpaper.

Yes, the moron that leaked it was, without a doubt, in violation of numerous standard security policies the government has in place. Yet the lying scum want to blame anything and everything except the buffoon that screwed up.

Twenty years ago, they'd have been blaming the Xerox machine instead of the person that accidentally left copies at Kinkos after making unauthorized copies on an unsecured Xerox machine.

Yet the lying scum want to blame anything and everything except the buffoon that screwed up.

And considering they fired the staffer responsible for the leak, how on earth can you say they're not blaming the person? I really don't understand your interpretation of the events.

Twenty years ago, they'd have been blaming the Xerox machine instead of the person that accidentally left copies at Kinkos after making unauthorized copies on an unsecured Xerox machine.

The committee released a statement explaining how the document was leaked. They didn't "blame" P2P, they simply detailed how the document got where it is. If they had said that someone smuggled the document outside in their briefcase, would you interpret it as them attacking briefcases?

The committee released a statement explaining how the document was leaked. They didn't "blame" P2P, they simply detailed how the document got where it is. If they had said that someone smuggled the document outside in their briefcase, would you interpret it as them attacking briefcases?

I agree with your clarification. This isn't intended to argue against what you said about that perception, but rather to highlight where that perception comes from.

The RIAA stated that "the disclosure was evidence of a need for controls on peer-to-peer software to block the improper or illegal exchange of music".

To answer your example, let's say that there is a wealthy, politically active group with a great deal of sympathy in Washington. This group is well-known for its hatred of briefcases because it finds them to be, shall we say, economically inconvenient. If the group said that such a smuggling is evidence that we need (i.e. government) control of briefcases, it might create that impression.

That's particularly true of the RIAA's statement since the document that was leaked has nothing to do with music. They are merely demonstrating that they're desperate for any excuse to demagogue anything related to P2P software, to the point that they will obviously clutch at straws like this. If they were really interested in security, they'd ask the same question another Slashdotter has already asked: why did they allow this person to work on secure documents with an unsecured computer? Only that wouldn't represent an opportunity to raise their pet issue, hence their problem with it.